top of page

Past Articles

Here we collect and archive articles that were featured on our past newsletters.

Original newsletters gathered here.

November 27th Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 27, IoT reliability & Security, IoT Device Tracking, Australia, Medical IoT Risks, HotW

How to connect IOT for business with reliability, security

Harnessing the true power of IOT and ensuring its effectiveness and security call for a deep understanding of IOT devices and network best practices.

[Click for Article]

Track Down Internet of Things Devices to Enhance Network Visibility

Agencies that don’t know what’s on their network can’t fully protect it, but there are tools to uncover unnoticed devices.

[Click for Article]

Australia’s cybersecurity strategy focuses on protecting small businesses and critical infrastructure

The Australian federal government has released the 2023-2030 Australian Cyber Security Strategy with a focus on protecting the country’s most vulnerable citizens and businesses. At first glance, the strategy covers a lot of ground, and the government will need to work hard and fast to ensure some of all the actions proposed are put in place before the next big breach.

[Click for Article]

Addressing cybersecurity risks in medical devices

While cybersecurity of any category of IoT devices is important (consider that the famous Mirai botnet attack used numerous consumer security cameras), the cybersecurity of devices within the internet of medical things (IoMT) is particularly important for several reasons.

[Click for Article]

Hack of the Week (HOT-W)

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

(Several agencies) are releasing this joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.

[Read the HOT-W]

November 16th Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 16, IoT Threats, Edge Security, Regulatory Pressures, Mozi, SESIP embraced by EU

IMore connected, less secure: Addressing IoT and OT threats to the enterprise

A forward-thinking zero trust strategy is necessary to securely manage IoT and OT devices at scale. Effectively protecting networks begins with an honest look at connectivity.

[Click for Article]

Demystifying edge security

The internet of things (IoT) has opened up a new frontier in the digital landscape, merging the physical and digital worlds through an ever-growing range of smart devices. Yet, as the network expands from smart homes to industrial setups, one looming issue remains—security.

[Click for Article]

The Regulatory Landscape for IoT: Navigating the Complexities of a Connected World

This article explores the evolving regulatory landscape for IoT, addressing the need for standards, privacy concerns, security risks, international coordination, and the path forward.

[Click for Article]

Mozi IoT Botnet: Kill Switch Halts Operations

In a surprising turn of events, the Mozi botnet experienced a sudden and significant drop in malicious activities in August 2023. This unexpected decline was attributed to the deployment of a “kill switch” that was effectively distributed to the infected bots.

[Click for Article]

SESIP embraced as European IoT security evaluation standard

GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) has been embraced as the foundation for a European Standard (EN).

 

This milestone decision aims to streamline the IoT ecosystem’s approach to regulatory challenges and facilitate a comprehensive understanding, deployment, and explanation of security measures.

[Click for Article]

2023 IoT/Connected Products Award Winners Unveiled at Total Tech Summit in Las Vegas

LAS VEGAS – Editorial leaders from SSI and sister publications CE Pro and Commercial Integrator today revealed the 12 winners of the 2023 IoT/Connected Product Awards at the 2023 Total Tech Summit.

[Click for Article]

November 9th Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 9, IoT Malware, Establishing Trust, CVSS 4.0 Standards, Hack of the Week

IoT Malware Attacks Jump 400% Since 2022, Report

(Scarlett Evans writes) Manufacturing was the primary target for malware attacks over the past year, though all industries adopting connected devices are at risk.

[Click for Article]

Here’s what the IoT industry needs to learn about trust

Article compares the difference between IoT and the traditional banking industry where the security and regulatory components are largely visible and interactive, and how IoT should adopt these (IoT updated) controls to instill confidence.

[Click for Article]

AI, memory safety are real threats to IoT security

Memory safety is one of the big things that will impact IoT security, and (our) latest report shows 76% of consumer IoT companies could fall foul of impending security regulations around the world.

[Click for Article]

(Tip) Factors to consider when securing industrial IoT networks

Industrial IoT networks differ from enterprise data networks. Keeping them safe requires a security strategy that's specifically crafted for legacy and new devices and sensors.

[Click for Article]

Common Vulnerability Scoring System version 4.0: Specification Document

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of four metric groups: Base, Threat, Environmental, and Supplemental.

[Click for Article]

Hack of the Week (HOT-W)

CVE-2023-40044 Detail (CVSS Score 8.8)

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. 

[Click for Article]

November 1st Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 1, News of the Day, NIST Vision for IoT Devices, Hack of the Week

SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures

 

It took a while for the SEC to collect their hammer and issue its complaint to Solarwinds.  The complaint alleges Solarwinds defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks

[Click for Article]

Trusted IoT Onboarding: An Introduction to Draft NIST SP 1800-36

NIST is making gradual progress towards solving a significant problem in the IoT arena.  How do you onboard the Billions of new devices in a way that is efficient and secure?  Importantly, how do you onboard these devices protecting both the device and the network?

 

NIST has published SPECIAL PUBLICATION 1800-36B this week as well as held a public seminar to discuss it direction.

[Click for Article]

OT cyber attacks proliferating despite growing cybersecurity spend

The security landscape has changed to now include nation-state actors as well as profit-driven cyber threats.  A zero-trust security model should be part of the security plan.

[Click for Article]

What cybersecurity standards will products in the EU soon have to meet?

It is worth looking closely at the EU standards as we do not see any reason why this wouldn't be copied as a US consumer standard.

[Click for Article]

Internet of Things (IoT) Security: Challenges and Best Practices

 

Contents:

  • The modern IoT landscape

  • Why does IoT security matter?

  • 5 most common IoT security challenges

  • Best practices for ensuring the security of IoT systems

  • Conclusion

[Click for Article]

CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit

 

The toolkit utilizes some of the sector-specific work done by others, but places all the tools in one place.  A good read for those who work with and are responsible for Hospital IT security.

[Click for Article]

Hack of the Week

Weintek cMT3000 HMI Web CGI (Multiple Vulnerabilities)

 

CVSS Score: 9.8

Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection

RISK EVALUATION:

Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.

[Read the HOT-W]

[Read the vendor patch notes]

October 23rd Newsletter Content [Original Newsletter]

Subject: IPMeter- Oct 23 Guns, Cars and Cybersecurity, News of the Day, Hack of the Week

Imron's Security Conference

 

In a world of conferences that blend rubber chicken lunches with single hop Southwest tickets, Imron's Security Summit at the Marconi Automotive Museum was superbly different. Most conferences leave you feeling like you've walked into a building size cubicle from 1984, while Imron Corporation offered the latest in security practices with a backdrop of some of the very best in visual background for automotive buffs and appreciators alike.

 

The keynote was Katherine Schweit who wrote the FBI’s Active Shooter response strategies. As security professionals with varied backgrounds, this was a rare opportunity to pause and reflect on our own security postures and how they might relate to many diverse disciplines.  Those of us in cybersecurity have similar issues such as involvement of non-participants, bogus data, and response-focused solutions. Here's what I took away from this conference:

  1. Active Shooter Response: Plan Ahead, Don't Wait for an Event.   Just as planning is crucial for IoT security, the same principle applies to active shooter response. Imron's conference reinforced the idea that preparedness is key – don't wait for a crisis to strike.  CYBERSECURITY TAKEAWAY:  it means that vulnerability reports need to include proactive information for our clients.  

  2. Security Isn't an Island: It Takes a Village.  The event emphasized the importance of including non-security participants in our security plans.  The least important person in a cyber plan are the cyber experts.  In Operations Technology, its imperative that plant and facilities personnel’s experience is included in cybersecurity work product. 

  3. Active Shooters: It doesn’t just happen at schools. According to FBI research, active shooter events are actually more likely to happen in the workplace and be a current or former employee.  Just like in cybersecurity, its not always kids or someone in a foreign land, sometimes its an inside job.  Quantify your risk for your environment.

  4. Video Games Aren't the Culprit:   And here's a shocker – the FBI noted that active shooters aren't correlated with video game usage.  It's a reminder that stereotypes and assumptions don't always hold true.  

  5. Car Nerd:   The Shelby Daytona and a Gen2 Dodge Viper appear to share the same A pillar.  If it works don’t change it.

  6. More Car Nerd: Nigel Mansell's F1 ride had tires mounted on 13-inch wheels and giant series tires.   That car set a lap record that stood for two decades. Takeaway: Low Profile donuts do not always reduce lap times.

  7. Even More Car Nerd I look particularly good next to a Gull-wing Mercedes.  

201+40 = $1,000,000

(Embedded.com) Ensuring security legislation compliance in IoT applications

Michael Fuhrmann distills  Code of practice for Consumer IoT into 13 essential elements to ensure compliance with both (Customer and Organization) security requirements as well as current and upcoming legislative edicts.

[Click for Article]

(Globenewswire.com) Global Healthcare Internet of Things (IoT) Security Market Size to Reach USD 12.07 Billion in 2032 | Emergen Research

[Paywall] (According to Emergen Research) The Global Healthcare Internet of Things (IoT) Security Market size is expected to reach USD 12.07 Billion at a steady revenue CAGR of 21.6% in 2032, according to latest analysis by Emergen Research. Surge in ransomware attacks on healthcare IoT devices and rising concerns regarding threats to security of information and data in the healthcare sector are some key factors driving market revenue growth.

[Click for Article]

(Helpnetsecurity.com) Inadequate IoT protection can be a costly mistakeybersecurity

97% of organizations are struggling to secure their IoT and connected products to some degree, according to Keyfactor.

[Click for Article]

(EC-Council) IoT Security: Safeguarding Critical Networks Against Digital Assaults

This [posting] aims to explore the significance of IoT security while briefly covering a few of the significant concerns that threaten data security in these networks. Furthermore, we provide insights into safeguarding critical networks against digital assaults.

[Click for Article]

(Darkreading.com) 5 Ways Hospitals Can Help Improve Their IoT Security

(Xu Zou and Tapan Mehta of Palo Alto Networks writes) Connected medical devices have revolutionized patient care and experience. However, the use of these devices to handle clinical and operational tasks has made them a target for attackers looking to profit off of valuable patient data and disrupted operations… it found that 75% of them had at least one vulnerability or security alert.

[Click for Article]

Hack of the Week

(medium.com) Cisco CVE-2023–20198 Vulnerability

 

The recent discovery of CVE-2023–20198 has put the cybersecurity community on high alert. This critical vulnerability, identified within Cisco’s IOS XE software … This vulnerability is especially concerning as it allows remote, unauthenticated attackers to create accounts with high-level privileges on the affected systems, thus gaining control over them. … The Common Vulnerability Scoring System (CVSS) has rated this flaw a 10.0, the maximum severity score.

[Click for HOT-W]

[Click for Cisco Security Note]

October 12th Newsletter Content [Original Newsletter]

Subject: IoT Security Newsletter from IPMeter- Oct 12 *New CISA Doc*, News of the Day, Hack of the Week

Come See Us @ Marconi Auto Museum

Join us on Oct 19th at IMRON’s Security Summit in Tustin, CA.  Contact our team at newsletter@ipmeter.net to discuss complimentary tickets.

[Learn More]

Survey: 97% face challenges securing IoT & connected devices

Key findings related to IoT security challenges

  • 20% growth of IoT devices over last three years.

  • IT Professionals lack confidence in IoT device security, and improvements are needed.

  • IoT Security budgets increasing, but not keeping pace with needs.

  • Organizations and manufacturers split on who is responsible for IoT security.

[Click for Article]

Organizations Struggle With IoT Security

Report Shows Majority Organizations Struggle With IoT Security

[Click for Article]

EU, US, and Now NATO: Big Changes in IoT Cybersecurity

Here’s why IoT cybersecurity is undergoing a renaissance.

[Click for Article]

CISA OpenSource FactSheet Published

CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software

[Click for Article]

Hack of the Week

Vulnerabilities found in ConnectedIO’s ER2000 edge routers and cloud-based management platform

[Read the HOT-W]

bottom of page